Collapsing chained credentials

ABSTRACT

An intermediate entity can generate a necessary credential to allow two other entities to bypass the intermediate entity when establishing communications between two other entities in a computing system represented by either a directed or an undirected graph. The intermediate entity receives credentials for communications links between itself and each of the other two entities. The intermediate entity also receives a chaining parameter associated with the intermediate entity. With the two credentials and the chaining parameter, the intermediate entity can compute a necessary credential to allow communication between the other two entities. In addition, the intermediate entity can compute the necessary credential independent of a security manager during the computation operation.

TECHNICAL FIELD

[0001] The invention relates generally to computer system security, and more particularly to collapsing chained credentials used in gaining authenticated access to a computing entity.

BACKGROUND OF THE INVENTION

[0002] Computer system security is essential in the modem online culture. One aspect of computer security is ensuring that an entity that is attempting to access another entity has rights to do so (“authorization”). Before authorizing the access by the entity, a computer security system must also verify the identity of the entity (“authentication”). Often, authentication and authorization are performed responsive to a login process in which a user or process provides an identifier and a secret value, such as a password or cryptographic key.

[0003] Security relationships among various entities have evolved to a point where one entity may rely on another entity's access rights to access a given resource. For example, if a first computer has rights to send a print job to a second computer, and the second computer has rights to send the print job to a networked printer, the first computer may attempt to submit the print job to the second computer (i.e., or the intermediate entity) for printing on the networked printer. This multi-stage access typically requires individual authentications and authorizations at each stage. That is, the first computer is authenticated and authorized to access the second computer, and the second computer is authenticated and authorized to access the networked printer.

[0004] At least two disadvantages are presented by the multi-stage authentication and authorization of the security process. First, in many configurations, authentication and authorization are performed with the involvement of a security manager. Often, this security manager is a process that maintains security data for many entities on a network. The multi-stage security process requires the security manager to perform authentication and authorization twice. In a busy network, the multi-stage security process can cause a bottleneck at the security manager. Second, each entity (e.g., each computer) must also participate in authentication and authorization, thereby expending resources of both entities and the security manager.

SUMMARY OF THE INVENTION

[0005] Embodiments of the present invention solve the discussed problems by collapsing chained credentials using a chaining parameter. As such, an intermediate entity can generate a necessary credential to allow two other entities to bypass the intermediate entity when establishing communications between the two other entities. The intermediate entity receives credentials for communications links between itself and each of the other two entities. The intermediate entity also receives a chaining parameter associated with the intermediate entity. With the two credentials and the chaining parameter, the intermediate entity can compute a necessary credential to allow communication between the other two entities. In addition, the intermediate entity can compute the necessary credential independent of a security manager during the computation operation.

[0006] In implementations of the present invention, articles of manufacture are provided as computer program products. One embodiment of a computer program product provides a computer program storage medium readable by a computer system and encoding a computer program that generates a computed credential for establishing a communications link between a first node and a second node in a computing system. Another embodiment of a computer program product may be provided in a computer data signal embodied in a carrier wave by a computing system and encoding the computer program that generates a computed credential for establishing a communications link between a first node and a second node in a computing system.

[0007] The computer program product encodes a computer program for executing on a computer system a computer process for generating a computed credential for establishing a communications link between a first node and a second node in a computing system is provided. The computing system includes at least the first node, the second node, and a third node. A first credential is received for establishing a communications link between the third node and the first node. A second credential is received for establishing a communications link between the third node and the second node. A chaining parameter associated with the third node is received. The computed credential is computed for establishing the communications link between the first node and the second node based on the first credential, the second credential, and the chaining parameter.

[0008] In another implementation of the present invention, a method of generating a computed credential for establishing a communications link between a first node and a second node in a computing system is provided. The computing system includes at least the first node, the second node, and a third node. A first credential is received for establishing a communications link between the third node and the first node. A second credential is received for establishing a communications link between the third node and the second node. A chaining parameter associated with the third node is received. The computed credential is computed for establishing the communications link between the first node and the second node based on the first credential, the second credential, and the chaining parameter.

[0009] These and various other features as well as other advantages, which characterize the present invention, will be apparent from a reading of the following detailed description and a review of the associated drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0010]FIG. 1 illustrates an exemplary directed graph in an embodiment of the present invention.

[0011]FIG. 2 depicts exemplary operations for collapsing chained credentials in a directed graph in accordance with the present invention.

[0012]FIG. 3 illustrates an exemplary undirected graph in an embodiment of the present invention.

[0013]FIG. 4 depicts exemplary operations for collapsing chained credentials in an undirected graph in accordance with the present invention.

[0014]FIG. 5 illustrates an exemplary system useful for implementing an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

[0015] Entities communicatively coupled within a computing system may be represented by a graph having nodes connected by arcs. Each entity (i.e., node) represents a computing process or device, such as a client, a server, a storage controller, an actuator, a sensor, etc. It should be understood that a “node” is not necessarily a physical device. For example, a printer may be a single device acting on behalf of several computers for printing, or several applications running on a single computer. Each node is communicatively coupled by means of a communications link, such as a network connection, a communications bus, etc., whether wired or wireless. Furthermore, access to each communications link is managed by a controller, such as web server verification module associated with the accessed node. For example, a consumer's client computer may be coupled via logical connections on the Internet to a retailer's web server, wherein access to the retailer's web server is controlled by a verification module in the web server. Likewise, both the consumer's computer and the retailer's computer may access a bank's server, which manages transactions with the consumer's bank account. See FIG. 3 for an exemplary illustration of such a configuration.

[0016] Communication links in such computer systems may be either directed or undirected. A directed graph may represent, for example, nodes coupled in a chain-of-command system, in which the nodes have an implicit or explicit manager-subordinate relationship (e.g., node A is a manager to the subordinate node B). Typically, a manager-subordinate relationship is descriptive of the manager's ability to command the subordinate, whereas the subordinate cannot command the manager. As such, the access control to the communication link between the two nodes is not considered symmetric.

[0017] An implicit relationship in a manager-subordinate relationship refers to a relationship in which there exists a second manager-subordinate relationship, that between a third node (node C) and the node A, wherein node A is the manager to the subordinate node B and node A is authorized to command actions of node C through node B. In an embodiment of the present invention, node A may obtain a credential to establish an explicit master-subordinate relationship between node A and C.

[0018] An example of a directed graph might include a RAID (Redundant Arrays of Independent Disks) storage controller communicating with a hard disk controller, where the RAID storage controller may command the hard disk controller to access data stored on a hard disk, but the hard disk controller does not command the RAID storage controller. See FIG. 1 for an exemplary illustration of a directed graph.

[0019] In contrast, an undirected graph represents nodes in which there is no chain-of-command relationship. Instead, the relationship between nodes connected by an arc is more of a peer-to-peer relationship. As such, the access control to the communications link between the two nodes may be considered symmetric. Typically, the command abilities of nodes in an undirected graph are not limited in a given direction. Although a credential authenticating access from a first node to a second node may differ from a credential authenticating access from the second node to the first node, the two related credentials are equivalent from a cryptographic perspective, and one credential may be converted to the other related credential using a chaining parameter in an undirected graph. An example of an undirected graph might include the nodes in the e-commerce example of FIG. 3.

[0020]FIG. 1 illustrates an exemplary directed graph in an embodiment of the present invention. For the purpose of the descriptions herein, it is helpful to set out the applicable notation. Generally, the directed graph includes nodes N_(i), N_(j), N_(k), . . . , although only node 102 (N_(i)), node 104 (N_(j)) and node 106 (N_(k)) are shown in FIG. 1. A directed graph need not be fully connected or cycle free and may include an arbitrarily large number of nodes. There is at most one arc in each direction between any two nodes. An arc connecting head node N_(i) and tail node N_(j) is denoted by A_(ij), which in a directed node also indicates the direction of the manager-subordinate relationship. In FIG. 1, arcs are represented by bold solid arrows 110, 112, and 114.

[0021] There exists a security manager 108 that issues credentials to one or more entities, although it should also be understood that an entity may have already received a needed credential from another source (e.g., a security manager, another entity, by computation) and has stored it in an accessible storage location for later retrieval. The security manager 108 may be a single entity or a distributed system containing multiple security manager entities. The security manager 108 also helps manage access to an arc by the various nodes, based on whether a node can present a valid credential for the arc.

[0022] In one embodiment, the security manager 108 implements a standard RSA (Rivest, Shamir, and Adelman) cryptosystem with parameters e, d, and N, where e is the public exponent, d is the private exponent, and N is the public modulus. The security manager 108 makes e and N publicly available to nodes in the system and keeps d secret from the nodes. It is assumed that factoring N is computationally infeasible. In the RSA cryptosystem, e and d are inverses in the sense that a message encrypted with the quantity e may be decrypted by the use of d and vice versa.

[0023] The security manager 108 maintains a datastore containing security information for each node. First, two random primes numbers p_(i) and r_(i) are privately stored in the datastore in association with each node, such that N^(−1/3e)<p_(i) and r_(i)<N^(−1/3). No two prime numbers associated with nodes in the system are equal. In one embodiment, the term “prime numbers” is inclusive of strong pseudoprime numbers (i.e., proven prime numbers are not required). Second, a chaining parameter may be stored in the datastore in association with each node. In one embodiment, a chaining parameter includes (p_(i)r_(i) ²)^(−e) mod N, wherein “includes” refers to the value (p_(i)r_(i) ²)^(31 e) mod N or other cryptographic equivalents. The security manager 108 makes the chaining parameters available to nodes upon request.

[0024] A node requires a credential to access a given arc in the directed graph. The security manager 108 is capable of generating the credential (p_(i)r_(j) ²)^(e) mod N for an arc A_(ij) (i.e., credential_(ij)) and the credential (r_(i) ²p_(j))^(e) mod N for an arc A_(ji) (i.e., credentials_(ji)), based on the parameters in its datastore. It should be understood that credentials can include other cryptographic equivalents. The security manager 108 may also perform RSA decryption as required because the security manager 108 maintains a copy of the private exponent d.

[0025] As a preliminary consideration, it is believed that one cannot extract cube or higher roots of an integer x modulo a composite integer N without knowing the factorization of N. We assume that x³>N. Therefore, given e, N and a credential of the form (p_(i)r_(j) ²)^(e) mod N, an unauthorized node cannot compute p_(i), r_(i), p_(j), and r_(j), or a credential for A_(ij) or A_(ji).

[0026] To access an arc A_(ij) in a directed graph, the node 102 first obtains a credential for arc A_(ij). In an embodiment of the present invention, the node 102 is initially assumed to possess no credentials. When the node 102 (N_(i)) attempts to access node 104 (N_(j)), the node 102 requests from the security manager 108 a credential to access the node 104 via the arc 110. The dashed credential arrow 118 represents the request and response pair of this credential communication. The node 102 can then present the credentials via the dashed credential arrow 120 to the verification module that controls access to the node 104. If the verification module can verify the credential, it grants the node 102 with access to the node 104, thereby establishing the communications link represented by the arc 110.

[0027] In one embodiment, the verification module sends the credential to the security manager 108 via solid verification arrow 122 and requests verification of the credential. The security manager 108 verifies the presented credential by computing a computed credential based on its stored values of p_(i) and r_(j). If the computed credential matches the credential presented by node 102, then the security manager 108 indicates to the verification module that the presented credential is deemed valid. The verification module can then allow node 102 to access node 104. Otherwise, access to node 104 by node 102 is denied.

[0028] In another embodiment, the verification module sends the credential_(ij) to the security manager 108 via solid verification arrow 122 and request verification of the credential. The security manager 108 verifies the presented credential_(ij) by using d to perform an RSA decryption of the presented credential to create a decryption result. If the decryption result matches p_(i)r_(j) ² mod N, then the credential is deemed valid and the verification module can allow node 102 to access node 104. Otherwise, access to node 104 by node 102 is denied. Other known verification methods are also contemplated within the scope of the present invention.

[0029] At another point in time, such as responsive to a command received from node 102 to carry out an implicit manager-subordinate relationship between nodes 102 and 106, the node 104 (N_(j)) attempts to access the node 106 (N_(k)) via the arc 112 (A_(jk)). To access an arc A_(jk), the node 104 first obtains a credential for arc A_(jk) via the dashed credential arrow 124. The node 104 can then present the credential via the dashed credential arrow 126 to the verification module that controls access to the node 106. If the verification module can verify the credential, it grants the node 104 with access to the node 106, thereby establishing the communications link represented by the are 112.

[0030] However, in an embodiment of the present invention, the node 104 may also receiving one or more chaining parameters from the security manager 108 via the dashed credential arrow 124. For example, in addition to the credential_(jk), the node 104 may also receive a chaining parameters. Therefore, the node 104 may compute a credential_(jk) based on the two credentials it possesses (i.e., credential_(ij) received from node 102 and credential_(jk) received from the security manager 108), and the chaining parameter_(j) using the following computation: $\begin{matrix} {{credential}_{ik} = {{{credential}_{ij} \cdot {credential}_{jk} \cdot {chaining}}\quad {parameter}_{j}}} \\ {= {{\left( {p_{i}r_{j}^{2}} \right)^{e} \cdot \left( {p_{j}r_{k}^{2}} \right)^{e} \cdot \left( {p_{j}r_{j}^{2}} \right)^{- e}}{mod}\quad N}} \\ {= {{\left( {p_{i}r_{j}^{2}p_{j}r_{k}^{2}} \right)^{e} \cdot \left( {p_{j}r_{j}^{2}} \right)^{- e}}{mod}{\quad \quad}N}} \\ {= {\left( {p_{i}r_{k}^{2}} \right)^{e}{mod}\quad N}} \end{matrix}$

[0031] The computation of the computed credential_(ik) involves a form of multiplication, as indicated by the operator “·”. The newly computed credential_(ik) may then be transmitted to the node 102 via the dashed credential arrow 128. The node 102 may then use the credential_(ik) to establish an explicit manager-subordinate relationship with node 106 via a communications link represented by arc 116 by transmitting the credential_(ik) via the dashed credential arrow 130 to the verification module associated with node 106. If the verification module of node 106 is able to verify the credential_(ik) via the security manager 108 and the solid authentication arrow 132, the node 102 is granted access to the node 106 via the communications link represented by the arc 116.

[0032]FIG. 2 depicts exemplary operations for collapsing chained credentials in a directed graph in accordance with the present invention. The directed graph has at least nodes N_(i), N_(j), and N_(k) in which the nodes have the same manager-subordinate relationships as depicted in FIG. 1. In a credential operation 200, node N_(i) obtains a credential_(ij) from a security manager. The node N_(i) may also obtain a chaining parameters_(i). In a transmission operation 202, node N_(i) transmits the credentials to the verification module of node N_(j), which verifies the credential_(ij) via the security manager in a verification operation 204. If the credentials is verified, access by the node N_(i) to the node N_(j) is granted and node N_(i) requests that node N_(j) access node N_(k) in a request operation 206.

[0033] In order to access node N_(k), node N_(j) obtains a credential_(jk) from a security manager in a credential operation 208. To collapse the chained credentials credential_(ij) and credential_(jk), node N_(j) also obtains a chaining parameter_(j) in credential operation 208. If the verification module associated with node N_(k) verifies the credential_(jk), node N_(j) may access node N_(k).

[0034] However, having obtained credential_(ij) and credential_(jk), and chaining parameter_(j), node N_(j) may also calculate a credential_(ik) in a computation operation 210 to be used in establishing a communications link between nodes N_(i) and N_(k). In transmission operation 212, node N_(j) transmits the credential_(ik) to node N_(i). In another transmission operation 214, node N_(i) transmits the credential_(ik) to the verification module of node N_(k), which verifies the credential_(ik) via the security manager in a verification operation 216. If the credential_(ik) is verified, access to the node N_(k) is granted the node N_(i). Node N_(i) can then access node N_(k) directly (i.e., without using the intermediary access to node N_(j)) in an access operation 218.

[0035]FIG. 3 illustrates an exemplary undirected graph in an embodiment of the present invention. Generally, the undirected graph includes nodes N_(i), N_(j), N_(k), . . . , although only node 302 (N_(i)), node 304 (N_(j)) and node 306 (N_(k)) are shown in FIG. 3. An undirected graph need not be fully connected or cycle free and may contain an arbitrarily large number of nodes. There is at most one arc in each direction between any two nodes. An arc connecting node N_(i) and node N_(j) is denoted by A_(ij), which in an undirected graph does not imply any direction in the peer-to-peer relationship. In FIG. 3, arcs are represented by bold solid arrows 310, 312, and 314.

[0036] There exists a security manager 308 that issues credentials to one or more entities. The security manager 308 may be a single entity or a distributed system containing multiple security manager entities. The security manager 308 also helps manage access to an arc by the various nodes, based on whether a node can present a valid credential for the arc.

[0037] In one embodiment, the security manager 308 implements a standard RSA cryptosystem with parameters e, d, and N, where e is the public exponent, d is the private exponent, and N is the public modulus. The security manager 308 makes e and N publicly available to nodes in the system and keeps d secret from the nodes. It is assumed that factoring N is computationally infeasible. In the RSA cryptosystem, e and d are inverses in the sense that a message encrypted with the quantity e may be decrypted by the use of d and vice versa.

[0038] The security manager 308 maintains a datastore containing security information for each node. First, a random prime number p_(i) is privately stored in the datastore in association with each node, such that N^(−1/3e)<p_(i)<N^(−1/3). No two prime numbers associated with nodes in the system are equal. In one embodiment, the term “prime numbers” is inclusive of strong pseudoprime numbers (i.e., proven prime numbers are not required). Second, a chaining parameter may be stored in the datastore in association with each node. In one embodiment, a chaining parameter includes p_(i) ^(−3e) mod N, wherein “includes” refers to the value p_(i) ^(−3e) mod N or other cryptographic equivalents. The security manager 308 makes the chaining parameters available to nodes upon request.

[0039] A node requires a credential to access a given arc in the undirected graph. The security manager 308 is capable of generating the credential (p_(i)p_(j) ²)^(e) mod N for an arc A_(ij) (i.e., credential_(ij)) or equivalently, as the graph is undirected, and the credential (p_(j)p_(i) ²)^(e) mod N for an arc A_(ji) (i.e., credential_(ji)), based on the parameters in its datastore. It should be understood that credentials can include other cryptographic equivalents. Note that given the credential_(ij), a node may also compute the credential_(ji) by using the chaining parameter p_(j) ⁻³e mod N which it does by performing the computation ((p_(i)p_(j) ²)^(e)) 2·p_(j) ^(−3e) mod N. It may be advantageous for the node N_(i) to perform this computation when it receives the credential_(ij) and chaining parameter from the security manager 308 and to store the credential_(ji) for later use. The security manager 308 may also perform RSA decryption as required because the security manager 308 maintains a copy of the private exponent d.

[0040] To access an arc A_(ij) in an undirected graph, the node 302 first obtains a credential for arc A_(ij). An example of such access may include a consumer's connection to a retailer's web site. In an embodiment of the present invention, the node 302 is initially assumed to possess no credentials. When the node 302 (N_(i)) first attempts to access node 304 (N_(j)), the node 302 requests from the security manager 308 a credential to access the node 304 via the arc 310. The dashed credential arrow 318 represents the request and response pair of this credential communication. The node 302 can then present the credential via the dashed credential arrow 320 to the verification module that controls access to the node 304. If the verification module can verify the credential, it grants the node 302 with access to the node 304, thereby establishing the communications link represented by the arc 310.

[0041] In various embodiments, the verification module sends the credential_(ij) to the security manager 308 via solid verification arrow 322 and requests verification of the credential. Two exemplary methods of verification are described with regard to FIG. 1.

[0042] At another point in time, the consumer may wish to access the web site for his or her bank, the node 302 (N_(i)) attempts to access the node 306 (N_(k)) via the arc 312 (A_(ik)). To access the arc A_(ik), the node 302 first obtains a credential for arc A_(ik) from the security manager 308 via the dashed credential arrow 318. The node 302 can then present the credential_(ik) via the dashed credential arrow 326 to the verification module that controls access to the node 306. If the verification module can verify the credentials through solid verification arrow 332, it grants the node 302 with access to the node 306, thereby establishing the communications link represented by the arc 312.

[0043] However, in an embodiment of the present invention, the node 302 may also receive one or more chaining parameters from the security manager 308 via the dashed credential arrow 318. For example, in addition to the credential_(ik), the node 302 may also receive a chaining parameter_(i). Therefore, the node 302 may compute a credential_(jk) based on the two credentials it possesses (i.e., credential_(ij) and credential_(jk) received from the security manager 308), and the chaining parameter_(i) as follows.

[0044] First, the node 302 either computes the credential_(ji) as described above or retrieves it from its store of pre-computed credentials.

[0045] Second, the node 302 performs the following computation: $\begin{matrix} {{credential}_{jk} = {{{credential}_{ji} \cdot {credential}_{ik} \cdot {chaining}}\quad {parameter}_{i}}} \\ {= {{\left( {p_{j}p_{i}^{2}} \right)^{e} \cdot \left( {p_{i}p_{k}^{2}} \right)^{e} \cdot p_{i}^{{- 3}e}}{mod}\quad N}} \\ {= {{\left( {p_{i}^{3}p_{j}p_{k}^{2}} \right)^{e} \cdot p_{i}^{{- 3}e}}{mod}\quad N}} \\ {= {\left( {p_{j}p_{k}^{2}} \right)^{e}{mod}\quad N}} \end{matrix}$

[0046] The computation of the computed credential_(jk) involves a form of multiplication, as indicated by the operator “˜”. The newly computed credential_(jk) may then be transmitted to the node 304 via the dashed credential arrow 328. The node 304 may then use the credential_(jk) to establish a communications link with node 306 represented by arc 314 by transmitting the credential_(jk) via the dashed credential arrow 330 to the verification module associated with node 306. If the verification module of node 306 is able to verify the credential_(jk) via the security manager 308 and the solid authentication arrow 332, the node 304 is granted access to the node 306 via the communications link represented by the arc 314.

[0047]FIG. 4 depicts exemplary operations for collapsing chained credentials in an undirected graph in accordance with the present invention. The undirected graph has at least nodes N_(i), N_(j), and N_(k) in which the nodes have the same manager-subordinate relationships as depicted in FIG. 3. In a credential operation 400, node N_(i) obtains a credential_(ij) from a security manager. The node N_(i) may also obtain a chaining parameter_(i). In a transmission operation 402, node N_(i) transmits the credential_(ij) to the verification module of node N_(j), which verifies the credential_(ij) via the security manager in a verification operation 404. If the credential_(ij) is verified, access by the node N_(i) to the node N_(j) is granted and node N_(i) accesses node N_(j) in an access operation 406. In credential operation 407, node N_(i) obtains the credential_(ji) via computation using the chaining parameter_(j), from another nodes (such as node_(j)), from an accessible storage location, or from the security manager.

[0048] In order to allow direct access between node N_(j) and node N_(k), node N_(i) obtains a credential_(jk) from a security manager in a credential operation 408. To collapse the chained credentials credential_(ji) and credential_(ik), node N_(i) may also obtain a chaining parameters in a credential operation 408. Having obtained credentials credential_(ji) and credential_(ik), and chaining parameter_(i), node N_(i) may also calculate a credential_(jk) in a computation operation 410 to be used in establishing a communications link between nodes N_(j) and N_(k). In transmission operation 412, node N_(i) transmits the credential_(jk) to node N_(j). In another transmission operation 414, node N_(j) transmits the credential_(jk) to the verification module of node N_(k), which verifies the credential_(jk) via the security manager in a verification operation 416. If the credential_(jk) is verified, access to the node N_(k) is granted the node N_(j). Node N_(j) can then access node N_(k) directly (i.e., without using an intermediary access to node N_(i)) in an access operation 418.

[0049] The exemplary hardware and operating environment of FIG. 5 for implementing the invention includes a general purpose computing device in the form of a computer 20, including a processing unit 21, a system memory 22, and a system bus 23 that operatively couples various system components include the system memory to the processing unit 21. There may be only one or there may be more than one processing unit 21, such that the processor of computer 20 comprises a single central-processing unit (CPU), or a plurality of processing units, commonly referred to as a parallel processing environment. The computer 20 may be a conventional computer, a distributed computer, or any other type of computer; the invention is not so limited.

[0050] The system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory may also be referred to as simply the memory, and includes read only memory (ROM) 24 and random access memory (RAM) 25. A basic input/output system (BIOS) 26, containing the basic routines that help to transfer information between elements within the computer 20, such as during start-up, is stored in ROM 24. The computer 20 further includes a hard disk drive 27 for reading from and writing to a hard disk, not shown, a magnetic disk drive 28 for reading from or writing to a removable magnetic disk 29, and an optical disk drive 30 for reading from or writing to a removable optical disk 31 such as a CD ROM or other optical media.

[0051] The hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive interface 33, and an optical disk drive interface 34, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer-readable instructions, data structures, program modules and other data for the computer 20. It should be appreciated by those skilled in the art that any type of computer-readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, random access memories (RAMs), read only memories (ROMs), and the like, may be used in the exemplary operating environment.

[0052] A number of program modules may be stored on the hard disk, magnetic disk 29, optical disk 31, ROM 24, or RAM 25, including an operating system 35, one or more application programs 36, other program modules 37, and program data 38. A user may enter commands and information into the personal computer 20 through input devices such as a keyboard 40 and pointing device 42. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 21 through a serial port interface 46 that is coupled to the system bus, but may be connected by other interfaces, such as a parallel port, game port, or a universal serial bus (USB). A monitor 47 or other type of display device is also connected to the system bus 23 via an interface, such as a video adapter 48. In addition to the monitor, computers typically include other peripheral output devices (not shown), such as speakers and printers.

[0053] The computer 20 may operate in a networked environment using logical connections to one or more remote computers, such as remote computer 49. These logical connections are achieved by a communication device coupled to or a part of the computer 20; the invention is not limited to a particular type of communications device. The remote computer 49 may be another computer, a server, a router, a network PC, a client, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 20, although only a memory storage device 50 has been illustrated in FIG. 5. The logical connections depicted in FIG. 5 include a local-area network (LAN) 51 and a wide-area network (WAN) 52. Such networking environments are commonplace in office networks, enterprise-wide computer networks, intranets and the Internet, which are all types of networks.

[0054] When used in a LAN-networking environment, the computer 20 is connected to the local network 51 through a network interface or adapter 53, which is one type of communications device. When used in a WAN-networking environment, the computer 20 typically includes a modem 54, a type of communications device, or any other type of communications device for establishing communications over the wide area network 52, such as the Internet. The modem 54, which may be internal or external, is connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules depicted relative to the personal computer 20, or portions thereof, may be stored in the remote memory storage device. It is appreciated that the network connections shown are exemplary and other means of and communications devices for establishing a communications link between the computers may be used.

[0055] In an embodiment of the present invention, software of the present invention, including security manager software and communications and verification modules of the various nodes, may be incorporated as part of the operating system 35, application programs 36, or other program modules 37. The security parameters, including prime numbers, credentials and chaining parameters may be stored as program data 38.

[0056] The embodiments of the invention described herein are implemented as logical steps in one or more computer systems. The logical operations of the present invention are implemented (1) as a sequence of processor-implemented steps executing in one or more computer systems and (2) as interconnected machine modules within one or more computer systems. The implementation is a matter of choice, dependent on the performance requirements of the computer system implementing the invention. Accordingly, the logical operations making up the embodiments of the invention described herein are referred to variously as operations, steps, objects, or modules.

[0057] The above specification, examples and data provide a complete description of the structure and use of exemplary embodiments of the invention. Since many embodiments of the invention can be made without departing from the spirit and scope of the invention, the invention resides in the claims hereinafter appended. 

What is claimed is:
 1. A computer program product encoding a computer program for executing on a computer system a computer process for generating a computed credential for establishing a communications link between a first node and a second node in a computing system, wherein the computing system includes at least the first node, the second node, and a third node, the computer process comprising: receiving a first credential for establishing a communications link between the third node and the first node; receiving a second credential for establishing a communications link between the third node and the second node; receiving a chaining parameter associated with the third node; computing the computed credential for establishing the communications link between the first node and the second node based on the first credential, the second credential, and the chaining parameter.
 2. The computer program product of claim 1 wherein the computer process further comprises: sending the computed credential to the first node to allow the first node to access the second node.
 3. The computer program product of claim 1 wherein the computing operation comprises: multiplying the first credential, the second credential, and the chaining parameter to generate the computed credential for establishing the communications link between the first node and the second node.
 4. The computer program product of claim 1 wherein the operation of receiving the first credential comprises receiving the first credential by the third node from the first node, and the operation of receiving the second credential comprises receiving the second credential by the third node from a security manager.
 5. The computer program product of claim 1 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), and the first credential includes (p_(i)r_(j) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(i) is a random prime number associated with the third node and privately stored by a security manager, and r_(j) is a random prime number associated with the first node and privately stored by the security manager, such that N^(−1/3e)<p_(i), r_(j)<N^(−1/3).
 6. The computer program product of claim 5 wherein the first node is a manager and the third node is a subordinate in a manager-subordinate relationship.
 7. The computer program product of claim 1 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), and the second credential includes (p_(j)r_(k) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(j) is a random prime number associated with the third node and privately stored by a security manager, and r_(k) is a random prime number associated with the second node and privately stored by the security manager, such that N^(−1/3e)<p_(j), r_(k)<N^(−1/3).
 8. The computer program product of claim 7 wherein the third node is a manager and the second node is a subordinate in a manager-subordinate relationship.
 9. The computer program product of claim 1 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), e is a public exponent, N is a public modulus, p_(j) is a random prime number associated with the third node and privately stored by a security manager, r_(j) is a random prime number associated with the third node and privately stored by the security manager, such that N^(−1/3e)<p_(j), r_(j)<N^(−1/3), and the operation of receiving a chaining parameter comprises: receiving the chaining parameter equaling (p_(j)r_(j) ²)^(−e) mod N from a security manager.
 10. The computer program product of claim 1 wherein the operation of receiving the first credential comprises receiving the first credential by the third node from a security manager, and the operation of receiving the second credential comprises receiving the second credential by the third node from a security manager.
 11. The computer program product of claim 1 wherein the computer process further comprises: receiving a chaining parameter associated with the first node.
 12. The computer program product of claim 11 wherein the operation of receiving the first credential comprises computing the first credential based on the chaining parameter associated with the first node.
 13. The computer program product of claim 1 wherein the third node is represented by N_(i), the first node is represented by N_(j), the second node is represented by N_(k), and the first credential includes (p_(j)p_(i) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(i) is a random prime number associated with the third node and privately stored by the security manager, and p_(j) is a random prime number associated with the first node and privately stored by the security manager, such that N^(−1/3e)<p_(i), p_(j)<N^(−1/3).
 14. The computer program product of claim 1 wherein the operation of receiving the first credential comprises retrieving the first credential from a storage location accessible to the third node.
 15. The computer program product of claim 1 wherein the operation of receiving the second credential comprises retrieving the second credential from a storage location accessible to the third node.
 16. The computer program product of claim 1 wherein the operation of receiving the chaining parameter comprises retrieving the chaining paramete r from a storage location accessible to the third node.
 17. The computer program product of claim 1 wherein the third node is represented by N_(i), the first node is represented by N_(j), the second node is represented by N_(k), and the second credential includes (p_(i)p_(k) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(i) is a random prime number associated with the third node and privately stored by the security manager, and p_(k) is a random prime number associated with the second node and privately stored by the security manager, such that N^(−1/3e)<p_(i), p_(k)<N^(−1/3).
 18. The computer program product of claim 1 wherein the third node is represented by N_(i), the first node is represented by N_(j), the second node is represented by N_(k), and the second credential includes (p_(j)p_(k) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(j) is a random prime number associated with the third node and privately stored by the security manager, and p_(k) is a random prime number associated with the second node and privately stored by the security manager, such that N^(−1/3e)<p_(j), p_(k)<N^(−1/3).
 19. The computer program product of claim 1 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), e is a public exponent, N is a public modulus, p_(j) is a random prime number associated with the third node and privately stored by a security manager, such that N^(−1/3e)<p_(j)<N^(−1/3), and the operation of receiving a chaining parameter comprises: receiving the chaining parameter equaling p_(j) ^(−3e) mod N from a security manager.
 20. The computer program product of claim 1 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), e is a public exponent, N is a public modulus, p_(i) is a random prime number associated with the third node and privately stored by a security manager, such that N^(−1/3e)<p_(i)<N^(−1/3), and the operation of receiving a chaining parameter comprises: receiving the chaining parameter equaling p_(i) ^(−3e) mod N from a security manager.
 21. A method of generating a computed credential for establishing a communications link between a first node and a second node in a computing system, wherein the computing system includes at least the first node, the second node, and a third node, the method comprising: receiving a first credential for establishing a communications link between the third node and the first node; receiving a second credential for establishing a communications link between the third node and the second node; receiving a chaining parameter associated with the third node; and computing the computed credential for establishing the communications link between the first node and the second node based on the first credential, the second credential, and the chaining parameter.
 22. The method of claim 21 further comprising: sending the computed credential to the first node to allow the first node to access the second node.
 23. The method of claim 21 wherein the computing operation comprises: multiplying the first credential, the second credential, and the chaining parameter to generate the computed credential for establishing the communications link between the first node and the second node.
 24. The method of claim 21 wherein the operation of receiving the first credential comprises receiving the first credential by the third node from the first node, and the operation of receiving the second credential comprises receiving the second credential by the third node from a security manager.
 25. The method of claim 21 further comprising: receiving a chaining parameter associated with the first node.
 26. The method of claim 25 wherein the operation of receiving the first credential comprises computing the first credential based on the chaining parameter associated with the first node.
 27. The method of claim 21 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), and the first credential includes (p_(i)r_(j) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(i) is a random prime number associated with the third node and privately stored by a security manager, and r_(j) is a random prime number associated with the first node and privately stored by the security manager, such that N^(−1/3e)<p_(i), r_(j)<N^(−1/3).
 28. The method of claim 27 wherein the first node is a manager and the third node is a subordinate in a manager-subordinate relationship.
 29. The method of claim 21 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), and the second credential includes (p_(j)r_(k) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(j) is a random prime number associated with the third node and privately stored by a security manager, and r_(k) is a random prime number associated with the second node and privately stored by the security manager, such that N^(−1/3e)<p_(j), r_(k)<N^(−1/3).
 30. The method of claim 29 wherein the third node is a manager and the second node is a subordinate in a manager-subordinate relationship.
 31. The method of claim 21 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), e is a public exponent, N is a public modulus, p_(j) is a random prime number associated with the third node and privately stored by a security manager, r_(j) is a random prime number associated with the third node and privately stored by the security manager, such that N^(−1/3e)<p_(j), r_(j)<N^(−1/3), and the operation of receiving a chaining parameter comprises: receiving the chaining parameter equaling (p_(j)r²)^(−e) mod N from a security manager.
 32. The method of claim 21 wherein the operation of receiving the first credential comprises receiving the first credential by the third node from a security manager, and the operation of receiving the second credential comprises receiving the second credential by the third node from a security manager.
 33. The method of claim 21 wherein the third node is represented by N_(i), the first node is represented by N_(j), the second node is represented by N_(k), and the first credential includes (p_(j)p_(i) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(i) is a random prime number associated with the third node and privately stored by the security manager, and p_(j) is a random prime number associated with the first node and privately stored by the security manager, such that N^(−1/3e)<P_(i), p_(j)<N^(−1/3).
 34. The method of claim 21 wherein the operation of receiving the first credential comprises retrieving the first credential from a storage location accessible to the third node.
 35. The method of claim 21 wherein the operation of receiving the second credential comprises retrieving the second credential from a storage location accessible to the third node.
 36. The method of claim 21 wherein the operation of receiving the chaining parameter comprises retrieving the chaining parameter from a storage location accessible to the third node.
 37. The method of claim 21 wherein the third node is represented by N_(i), the first node is represented by N_(j), the second node is represented by N_(k), and the second credential includes (p_(i)p_(k) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(i) is a random prime number associated with the third node and privately stored by the security manager, and p_(k) is a random prime number associated with the second node and privately stored by the security manager, such that N^(−1/3e)<p_(i), p_(k)<N^(−1/3).
 38. The method of claim 1 wherein the third node is represented by N_(i), the first node is represented by N_(j), the second node is represented by N_(k), and the second credential includes (p_(j)p_(k) ²)^(e) mod N, wherein e is a public exponent, N is a public modulus, p_(j) is a random prime number associated with the third node and privately stored by the security manager, and p_(k) is a random prime number associated with the second node and privately stored by the security manager, such that N^(−1/3e)<p_(j), p_(k)<N^(−1/3).
 39. The method of claim 21 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), e is a public exponent, N is a public modulus, p_(j) is a random prime number associated with the third node and privately stored by a security manager, such that N^(−1/3e)<p_(j)<N^(−1/3), and the operation of receiving a chaining parameter comprises: receiving the chaining parameter equaling p_(j) ^(−3e) mod N from a security manager.
 40. The method of claim 21 wherein the first node is represented by N_(i), the third node is represented by N_(j), the second node is represented by N_(k), e is a public exponent, N is a public modulus, p_(i) is a random prime number associated with the third node and privately stored by a security manager, such that N^(−1/3)e<p_(i)<N^(−1/3), and the operation of receiving a chaining parameter comprises: receiving the chaining parameter equaling p_(i) ^(−3e) mod N from a security manager. 